win32:Lineage-419[Trj] virus

A friend’s msn messenger was recently hijacked and sent me a zip named “photoalbum” containing a *.pif file which I opened. The next time I turned on the computer Avast! found the virus and removed it, but now every time I boot up Avast! tells me the Trojan is still there but then it can’t find the file to remove it. “Cannot process “C:\WINDOWS\SYSTEM32\DLLMS.DLL[eXPressor]” file”.
What is happening and how can I fix it? If anyone knows please help.

If a virus is replicant (coming and coming again), you should:

  1. Disable System Restore on Windows ME or Windows XP. System Restore cannot be disabled on Windows 9x and it’s not available in Windows 2k. After boot you can enable System Restore again.

  2. Clean your temporary files. You can use CleanUp (http://www.stevengould.org/downloads/cleanup/) or the Windows Advanced Care features for that.

  3. Schedule a boot-time scan with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot. Another option is scanning in Safe Mode (repeatedly press F8 while booting).

  4. It will be good if you download, install, update and run other trojan remover tools: a-squared and/or Free AVG Antispyware (trojan removers). Some users recommend SUPERantispyware or Spyware Terminator.

  5. Use the immunization of SpywareBlaster or, which is better, the Windows Advanced Care features of spyware/adware cleaning and removal.

Windows in its infinite wisdom protects files in use (even malware) or in system folders, so it is likely that avast! can’t delete or move files in use.

So schedule boot-time scan (as Tech mentioned), otherwise boot into safe mode and run an avast scan. This should ensure that the file isn’t in use and avast should be able to deal with it.

Thanks for the advice.
It worked!

No problem, welcome to the forums.

Stick around and browse the forums, especially the sticky topics at the top of each of the forums, not to mention the avast help file. They provide a wealth of information to help you get the best from avast.

Which one? Did you follow all the steps?

I followed all the steps, using the best software recommended.

When it rains, it pours.
It seems that this virus has affected my Photoshop. Since the day I discovered the virus I’ve not been able to open Photoshop. It launches, loads all the plugins, etc., then just exits.
I’ve uninstalled it then reinstalled it, but the same thing happens.
Does anybody know why and how to fix this?

Sometimes, trying to install the application again, over the old installation (overinstallation), repairs the messed things…

Tech, I tried that & it didn’t work.

Uninstall, boot and install again?

No good. Uninstalled, booted up with a boot scan, reinstalled, and same problem.

I suggest you visit this page http://www.antirootkit.com/software/index.htm for antirootkit detection, removal & protection.
Comparison test here: http://www.informationweek.com/software/showArticle.jhtml?articleID=196901062&pgno=1&queryText=

And you get full computer on-line scanning:
Kaspersky
Trendmicro housecall
Ewido
F-Secure
Spysweeper

At least, try Kaspersky…

Before I tried your last advice, I did an online search (I began to suspect that maybe the problem was no longer virus related). I found this forum http://www.graphicdesignforum.com/forum/archive/index.php/t-5632.html with this advice:
“There is a preference file for every program that you use. If you throw away the current one for [Photoshop], it will create a new preference file when you restart Photoshop. Sometimes those preference files get corrupt when a program or computer freezes, crashes or sometimes for no reason at all.”
“as soon as Photoshop’s starting to load, hold down shift + ctrl + alt (be quick!), until it asks if you really want to delete the user’s settings.”
It worked. I suspect that the virus caused the problem that had to be resolved by dumping the preference files.
Thank you, Tech, for your help with the virus issue.

Wow! What a lesson of troubleshooting, patience and perseverance.
Thanks for posting the solution and making the problem clearer.